
Win32:trojan-gen{other}


This topic is locked. 2 replies to this topic.

#1 mattotest (Members, 1 post)

Posted 19 November 2007 - 02:48 PM

Hi there, I am new to this forum so I hope you can help and answer relatively speedily.

I can't seem to shift a virus. It *might* be launching a file in c:\documents and settings\ebal\local settings\temp, as my AVAST AV warns me of a tmp in there; then a few seconds later a random file will be generated in c:\windows\temp, called something like 5137548.exe, but this name changes randomly each time it appears. I select to delete with AVAST AV, but about an hour later another will appear. The virus name is Win32:Trojan-gen{Other} according to AVAST. It is also appearing in other areas, so here is the HijackThis log, followed by the AVAST virus log file. Thanks for your time and I hope you can help! Windows XP PRO SP2.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:43, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Documents and Settings\Ebal\Desktop\AV and spyware\HiJackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{20E734A4-3AE2-42CE-B506-4620089A11E8}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{83477803-79E5-4896-AA9B-F9CA5A7D806D}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\..\{20E734A4-3AE2-42CE-B506-4620089A11E8}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 5460 bytes



AVAST log:

19/11/2007 19:29:04 SYSTEM 1932 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\5137548.exe" file.
19/11/2007 19:28:33 SYSTEM 1932 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9A38D6Z\n2_21_09_07_0[1].exe" file.
18/11/2007 20:36:49 SYSTEM 1996 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\2105589702.exe" file.
18/11/2007 20:36:33 SYSTEM 1996 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9A38D6Z\n2_21_09_07_0[1].exe" file.
18/11/2007 18:25:26 Ebal 944 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9A38D6Z\n2_21_09_07_0[1].exe" file.
18/11/2007 17:54:04 SYSTEM 2044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\Temp\40490719.exe" file.
18/11/2007 17:53:18 SYSTEM 2044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\40490719.exe" file.
18/11/2007 17:41:03 SYSTEM 2044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\14360296.exe" file.
18/11/2007 17:26:22 SYSTEM 2044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\980290926.exe" file.
18/11/2007 14:08:39 SYSTEM 2044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\224875650.exe" file.
18/11/2007 14:08:38 SYSTEM 2044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9A38D6Z\n2_21_09_07_0[1].exe" file.
18/11/2007 12:08:09 SYSTEM 168 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\178574244.exe" file.
18/11/2007 12:07:54 SYSTEM 168 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[1].exe" file.
18/11/2007 11:52:11 SYSTEM 168 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\Temp\44195589.exe" file.
18/11/2007 11:51:19 SYSTEM 168 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\44195589.exe" file.
18/11/2007 11:51:02 SYSTEM 168 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9A38D6Z\n2_21_09_07_0[1].exe" file.
18/11/2007 00:51:32 Ebal 3424 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\FOUND.003\FILE0004.CHK" file.
17/11/2007 21:57:58 SYSTEM 2040 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\736233722.exe" file.
17/11/2007 21:57:21 SYSTEM 2040 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[1].exe" file.
17/11/2007 20:18:44 SYSTEM 2040 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\863838546.exe" file.
17/11/2007 20:18:23 SYSTEM 2040 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\K9A38D6Z\n2_21_09_07_0[1].exe" file.
17/11/2007 20:06:55 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[10].exe" file.
17/11/2007 20:06:55 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[9].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[3].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[2].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[8].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[7].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[6].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[5].exe" file.
17/11/2007 20:06:54 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[4].exe" file.
17/11/2007 20:06:44 Ebal 3284 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8HANCL2Z\n2_21_09_07_0[1].exe" file.
17/11/2007 20:05:45 SYSTEM 2040 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\1895575775.exe" file.

Edited by mattotest, 19 November 2007 - 03:04 PM.
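The thread closed before anyone read the log, so here is the triage a responder would have done on it. This is an added example, not code from the thread or from BleepingComputer. It parses two HijackThis sections: O17, which lists the DNS resolvers registered under the Tcpip service keys (the only resolvers in this log are 85.255.116.50 and 85.255.112.86, repeated across every interface and control set), and O23, which lists installed services (one of which points at C:\WINDOWS\smss.exe with the file missing, a core NT binary name outside System32). EXPECTED_RESOLVERS is an assumption standing in for the machine's ISP- or DHCP-assigned resolvers; the 85.255.112.0/20 range is external knowledge, one of the rogue resolver ranges published during the DNSChanger takedown, not something the thread states. The sample lines are copied from the posted log.

```python
"""Triage helper for HijackThis O17/O23 lines (added example, not from the thread).

Pulls the DNS resolvers registered under the Tcpip service keys (O17) and
the installed services (O23) out of a HijackThis log and reports entries a
responder should look at first.
"""
import ipaddress
import re

# Assumption: the resolvers this machine is supposed to use. On a real
# triage, take these from the DHCP lease or the ISP's documentation.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# External knowledge, not from the thread: 85.255.112.0/20 is one of the
# rogue resolver ranges published during the DNSChanger takedown.
ROGUE_RESOLVER_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# Core NT binaries that only ever live in System32; a service pointing at
# one of these names anywhere else is worth a look.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_BINARY_DIRS = {r"c:\windows\system32"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_nameservers(field):
    """HijackThis separates resolvers with commas or spaces, depending on the key."""
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def classify_resolver(addr):
    """Label one resolver address: expected, known-rogue, private or unexpected-public."""
    ip = ipaddress.ip_address(addr)
    if addr in EXPECTED_RESOLVERS:
        return "expected"
    if any(ip in net for net in ROGUE_RESOLVER_NETS):
        return "known-rogue"
    if ip.is_private:
        return "private"
    return "unexpected-public"


def check_service(name, owner, path):
    """Return the reasons an O23 entry deserves review, or [] if none."""
    reasons = []
    if "(file missing)" in path:
        reasons.append("file-missing")
    exe = path.replace("(file missing)", "").strip().lower()
    directory, _, basename = exe.rpartition("\\")
    if basename in CORE_BINARIES and directory not in SYSTEM_BINARY_DIRS:
        reasons.append("core-binary-outside-system32")
    # "Unknown owner" alone is common for unsigned but legitimate software
    # (PnkBstrA in this log), so it only strengthens another indicator.
    if reasons and owner == "Unknown owner":
        reasons.append("unknown-owner")
    return reasons


def triage(log_text):
    """Return (section, subject, value, verdict) tuples for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            for srv in parse_nameservers(m.group("servers")):
                verdict = classify_resolver(srv)
                if verdict != "expected":
                    findings.append(("O17", m.group("key"), srv, verdict))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = check_service(m.group("name"), m.group("owner"), m.group("path"))
            if reasons:
                findings.append(("O23", m.group("name"), m.group("path"), "+".join(reasons)))
    return findings


# Lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{20E734A4-3AE2-42CE-B506-4620089A11E8}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

if __name__ == "__main__":
    for section, subject, value, verdict in triage(SAMPLE_LOG):
        print(f"[{section}] {verdict:<30} {subject} -> {value}")
```

Run against the posted log, every O17 resolver comes back known-rogue and the NETDown service is the only O23 entry reported; the unsigned PnkBstrA and ICF services are not flagged on "Unknown owner" alone, because that alone is not evidence. The O17 finding is the one that explains the symptom in the first post: a resolver the attacker controls can hand back any address for any name, which is how a machine keeps re-downloading the same n2_21_09_07_0[1].exe through the NetworkService profile no matter how often the dropped copy in C:\WINDOWS\TEMP is deleted.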



#2 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 02 December 2007 - 03:21 PM

Hello and welcome to BC.

Sorry for the delay in response. If you have not been helped elsewhere and still require assistance, please post a fresh HijackThis log and I'll be happy to help you.

Edited by amateur, 02 December 2007 - 03:21 PM.


#3 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 06 December 2007 - 10:33 AM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.
